Jan Bernhardt created CXF-6043:
----------------------------------

             Summary: Multi User BaseDN Support for LdapClaimsHandler
                 Key: CXF-6043
                 URL: https://issues.apache.org/jira/browse/CXF-6043
             Project: CXF
          Issue Type: Improvement
          Components: STS
    Affects Versions: 3.0.1, 2.7.12
            Reporter: Jan Bernhardt
             Fix For: 3.1.0


The current implementation of the LdapClaimsHandler only allows defining a 
single DN for your user search base. In cases where users are spread across multiple 
OUs which do not share a common OU, it is not possible to collect claims for 
all the users.

Sample:
CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM
CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM

Setting the "userBaseDN" to "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM" would 
mean that claims for Bob could not be resolved.

My proposal is to add another property "userBaseDNs" to the LdapClaimsHandler 
containing a List<String> of userBaseDN values. If the user cannot be found within 
the scope of userBaseDN then all userBaseDNs contained in the Collection will 
be searched until the user claims can be retrieved.
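The fallback search proposed above, modelled as an added example (not CXF code and not the reporter's): a constructed in-memory directory stands in for the LDAP server, the base DNs are the ones from the issue, and the helper names (`in_subtree`, `find_user`, `resolve_claims`) are assumed for illustration. It shows that a lookup for Bob fails under `userBaseDN` alone, succeeds once `userBaseDNs` is consulted, and that an account outside every configured base yields no claims at all.

```python
# Added example: first-match-wins search over userBaseDN, then userBaseDNs.
DOMAIN = "DC=MY,DC=DOMAIN,DC=COM"
INTERNAL_BASE = "OU=Internal-User," + DOMAIN
EXTERNAL_BASE = "OU=External-User," + DOMAIN

# Constructed sample directory: DN -> attributes. Alice and Bob are the two
# users from the issue; "svc" sits in an OU no search base covers.
DIRECTORY = {
    "CN=Alice," + INTERNAL_BASE: {"uid": "alice", "mail": "alice@my.domain.com", "role": "employee"},
    "CN=Bob," + EXTERNAL_BASE: {"uid": "bob", "mail": "bob@my.domain.com", "role": "contractor"},
    "CN=svc,OU=Service," + DOMAIN: {"uid": "svc", "mail": "svc@my.domain.com", "role": "service"},
}


def _norm(dn):
    """Normalise a DN for comparison (case-insensitive RDNs, no stray spaces)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn, base_dn):
    """True if dn equals base_dn or lies anywhere beneath it (subtree scope)."""
    d, b = _norm(dn), _norm(base_dn)
    return d == b or d.endswith("," + b)


def find_user(uid, base_dn):
    """Subtree search for one uid under a single base DN; None if absent.
    A real handler would issue an LDAP search with a (uid=...) style filter."""
    for dn, attrs in DIRECTORY.items():
        if in_subtree(dn, base_dn) and attrs.get("uid") == uid:
            return dn, attrs
    return None


def resolve_claims(uid, user_base_dn, user_base_dns, claim_attrs):
    """Try userBaseDN first, then each userBaseDNs entry in order; stop at the
    first base that yields the user. Returns the matched base and claims."""
    search_order = [user_base_dn] + [b for b in user_base_dns if b != user_base_dn]
    for base in search_order:
        hit = find_user(uid, base)
        if hit is not None:
            dn, attrs = hit
            claims = {a: attrs[a] for a in claim_attrs if a in attrs}
            return {"dn": dn, "searchBase": base, "claims": claims}
    return None  # user not under any configured base: no claims issued


if __name__ == "__main__":
    print(resolve_claims("bob", INTERNAL_BASE, [INTERNAL_BASE, EXTERNAL_BASE], ["mail", "role"]))
```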


